Logging user activities

From: Richard Bejtlich (richard_bejtlich_at_yahoo.com)
Date: 01/06/04

    Date: Tue, 6 Jan 2004 13:04:30 -0800 (PST)
    To: freebsd-security@freebsd.org
    
    

    Hello,

    What do you recommend for keeping track of user
    activities? For preserving bash histories I followed
    these recommendations:

    http://www.defcon1.org/secure-command.html

    They include using 'chflags sappnd .bash_history',
    enabling process accounting, and the like.

    My goal is to "watch the watchers," i.e. watch for
    abuse of power by SOC people with the ability to view
    traffic captured by sniffers.

    I plan to use sudo to limit and audit user activities
    too. I may also try some of the patches to bash
    listed at project.honeynet.org which send keystrokes
    to a remote server. Hardware keystroke logging is
    always a possibility.

    For more, should I turn to TrustedBSD integration in a
    future 5.x release?

    Thank you,

    Richard Bejtlich
    http://www.taosecurity.com


